PRIVACY POLICY

1. General Provisions

1.1. This Privacy Policy describes how SIA TAVAS ROTAS, registration no. 40203444342, located at Lielā iela 13, Talsi, LV-3201 (hereinafter referred to as the “Data Controller”), collects, processes, and stores personal data obtained from its customers and visitors of the website www.tavasrotas.com (hereinafter referred to as the “Data Subject” or “You”).

1.2. Personal data is any information related to an identified or identifiable individual, i.e., the Data Subject. Processing refers to any operation performed on personal data, such as collection, recording, modification, usage, viewing, deletion, or destruction.

1.3. The Data Controller complies with the principles of data processing established by law and ensures that personal data is processed in accordance with applicable regulations.

2. Collection, Processing, and Storage of Personal Data

2.1. The Data Controller collects, processes, and stores personally identifiable information through the website and email.

2.2. By visiting and using the services provided by the online store, you agree that any information you provide will be used and managed in accordance with the purposes defined in this Privacy Policy.

2.3. The Data Subject is responsible for the accuracy, completeness, and correctness of the personal data provided. Deliberately providing false personal data is considered a violation of our Privacy Policy, and the Data Subject must immediately inform the Data Controller of any changes.

2.4. The Data Subject bears responsibility for any damages arising from the submission of false or inaccurate data, not the Data Controller.

3. Processing of Customer Personal Data

3.1. The Data Controller may process the following personal data:

  • 3.1.1. First name and last name
  • 3.1.2. Contact details (email address and phone number)
  • 3.1.3. Transaction data (purchased goods, delivery address, price, payment information, etc.)
  • 3.1.4. Any other information provided during the purchase of goods or services or communication with us.

3.2. The Data Controller has the right to verify the accuracy of the submitted data using public registers.

3.3. The legal basis for personal data processing is based on Article 6 of the General Data Protection Regulation (GDPR):

  • (a) The Data Subject has given consent for one or more specific purposes.
  • (b) Processing is necessary for the performance of a contract to which the Data Subject is a party, or to take steps at the request of the Data Subject prior to entering into a contract.
  • (c) Processing is necessary to comply with a legal obligation to which the Data Controller is subject.
  • (d) Processing is necessary for the legitimate interests of the Data Controller or a third party, unless those interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, especially if the Data Subject is a child.

3.4. The Data Controller will store and process the personal data of the Data Subject as long as at least one of the following criteria is met:

  • 3.4.1. The data is necessary for the purposes for which it was collected.
  • 3.4.2. The Data Controller and/or the Data Subject can exercise their legitimate interests under applicable laws, such as submitting objections or initiating legal claims.
  • 3.4.3. The Data Controller is legally obligated to retain the data, such as in accordance with the Accounting Law.
  • 3.4.4. The Data Subject's consent to the processing of personal data remains valid unless there is another legal basis for the data processing.

Once the conditions listed above no longer apply, the Data Subject’s personal data will be permanently deleted from all systems and electronic or paper documents containing such data, or anonymized.

3.5. The Data Controller has the right to transfer your personal data to partners and data processors who perform necessary data processing on our behalf, such as courier services. The data processor will be considered the data controller. Upon request, we may transfer your personal data to government and law enforcement authorities to defend our legal interests, submit claims, or defend legal claims.

3.6. The Data Controller implements appropriate organizational and technical measures to ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.

4. Data Subject Rights

4.1. In accordance with the GDPR and the laws of the Republic of Latvia, you have the following rights:

  • 4.1.1. Right to access information: You have the right to know why and how your personal data is processed. You also have the right to receive a copy of your personal data in a commonly used electronic format free of charge.
  • 4.1.2. Right to rectification: You have the right to request the correction or completion of inaccurate or incomplete personal data without undue delay.
  • 4.1.3. Right to restrict processing: You can request the restriction of your data processing if you object to it and we do not have a legitimate basis for continuing, if you dispute the accuracy of the data, or if processing is unlawful but you prefer restriction over deletion.
  • 4.1.4. Right to object: You have the right to object to the processing of your data at any time unless it is necessary for a task carried out in the public interest or there are legitimate grounds for processing.
  • 4.1.5. Right to erasure ("Right to be forgotten"): You have the right to withdraw your consent and request the deletion of your personal data without undue delay when the data is no longer necessary to provide the requested services or comply with legal requirements.
  • 4.1.6. Other rights in accordance with GDPR: For more information, visit https://europa.eu.

You may submit your request to exercise your rights by emailing info@tavasrotas.com.

5. Use of Cookies

This website may set the following types of cookies:

  • Functional cookies: These are necessary for navigating the website and using its features, such as the shopping cart functionality. Without these cookies, we cannot provide the requested services.
  • Google Analytics cookies: These cookies are used to collect website traffic statistics. We use this information to improve the performance of the website and marketing activities.
  • Targeted advertising tool cookies: These cookies enhance the effectiveness of advertisements and show ads that are most relevant to you.
  • Third-party service provider cookies: Third-party services such as Facebook “Share,” Twitter “Tweet,” or LinkedIn “Post” buttons may set cookies. We cannot control these cookies as they are not set by our website.

6. How to Opt-Out of Cookies

You can refuse cookies by using the private browsing mode provided by most browsers. Any cookies created while operating in private browsing mode are deleted as soon as you close all private browser windows. You can also opt out of data collection for targeted advertising by using free tools like Your Online Choices or YourAdChoices.

7. Final Provisions

7.1. This Privacy Policy is drafted in accordance with the European Parliament and Council Regulation (EU) 2016/679 (April 27, 2016) on the protection of individuals concerning the processing of personal data and the free movement of such data (General Data Protection Regulation), as well as the applicable laws of the Republic of Latvia and the European Union.

7.2. The Data Controller reserves the right to amend or supplement this Privacy Policy at any time without prior notice. Changes will take effect immediately upon their publication on www.tavasrotas.com.